[LOGGING][ROS 7.11.2] IPSec Account
Posted: Sun Jun 09, 2024 3:20 pm
Hi,
This might be a stupid question but I'm unable to fix this myself.
At some point my mikrotik has stopped including the connecting account when an IPSec tunnel authorizes. In the past it was configured (without any attention to this specific issue) to log who just connected and authenticated by telling me the email address of the connected peer. It was in the ipsec,account log and this just worked perfectly without any effort, I just set up logging rules for ipsec and it just did what I expected.
However at some point - I can't say when exactly - it stopped logging the email address under [log, account]. It just gives me:
ipsec,info,account peer authorized: public xxx.xxx.xxx.xxx[4500]-xxx.xxx.xxx.xxx[4288] spi:xxxxxxxx4de3d8b1:ea50a347xxxxxxxx
this log instead of telling me who connected.
I can see in winbox under the peer window that the connection is active and who the peer is but I need it in the logs.
And like I said in the past it was just right without any special effort on my part.
It had to have been an update along the way.
I just recently started monitoring the network with PRTG network monitor, and when I set up the IPSec syslog sensor is when I noticed this issue.
Can someone tell me if ROS changed this logging behaviour for some reason and how do I include the authorized peer in the logs again?
Note: I activated a temp logging rule: ipsec,debug,!packet to see if and when that peer identity gets logged, but it never comes up except for 1 single line:
ipsec,debug checking SAN: rfc822: vecxxxxxxxxxx@gmail.com
Now obviously I can't use that as it falls under the debug category and the only real way to use this is to add it to the syslog and then filter the messages by a contains or something but the performance impact of doing that on my server seems ridiculous. There has to be an easy fix that I'm just not seeing.
Any thoughts?
Thanks in advance
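As an added example (not part of the post above, and not RouterOS or PRTG code), here is one way to get the identity back onto the "peer authorized" event on the collector side while the router only emits it under the debug topic: correlate the "checking SAN: rfc822: ..." debug line with the next "peer authorized" account line. It assumes the collector prepends a "YYYY-MM-DD HH:MM:SS" timestamp to each received RouterOS line, that the SAN check for a peer is logged shortly before that peer's authorization, and that ipsec,debug,!packet is forwarded; the sample log lines are constructed for the example and use documentation addresses and made-up SPIs.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Iterable, List, Optional

# Assumed line format: "<YYYY-MM-DD HH:MM:SS> <topics> <message>". RouterOS
# itself sends "<topics> <message>"; the timestamp prefix is what a syslog
# collector typically prepends, and is an assumption of this example.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<topics>\S+) (?P<msg>.*)$"
)
# The two message shapes quoted in the post.
SAN_RE = re.compile(r"^checking SAN: rfc822: (?P<identity>\S+)$")
AUTH_RE = re.compile(
    r"^peer authorized: (?P<name>\S+) (?P<local>[^\s-]+)-(?P<remote>[^\s-]+) spi:(?P<spi>\S+)$"
)


@dataclass
class Authorization:
    when: datetime
    peer_name: str
    local: str
    remote: str
    spi: str
    identity: Optional[str]  # None if no SAN check was seen shortly before


def correlate(lines: Iterable[str],
              window: timedelta = timedelta(seconds=30)) -> List[Authorization]:
    """Attach the identity from the most recent 'checking SAN' debug line to
    the next 'peer authorized' account line, if it arrives within `window`."""
    pending: Optional[tuple] = None  # (timestamp, identity) awaiting a match
    out: List[Authorization] = []
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a line we understand; skip rather than fail
        topics = set(m["topics"].split(","))
        if "ipsec" not in topics:
            continue  # e.g. system,info,account user logins
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        msg = m["msg"]
        san = SAN_RE.match(msg)
        if san and "debug" in topics:
            pending = (ts, san["identity"])  # newest SAN check wins
            continue
        auth = AUTH_RE.match(msg)
        if auth and "account" in topics:
            identity = None
            if pending is not None and ts - pending[0] <= window:
                identity = pending[1]
                pending = None  # consume it so it cannot tag a second peer
            out.append(Authorization(ts, auth["name"], auth["local"],
                                     auth["remote"], auth["spi"], identity))
    return out


def render(auths: List[Authorization]) -> List[str]:
    """Re-emit the account event with the identity appended, which is the
    form the monitoring side would rather receive."""
    return [
        f"{a.when:%Y-%m-%d %H:%M:%S} ipsec,info,account peer authorized: "
        f"{a.peer_name} {a.local}-{a.remote} spi:{a.spi} "
        f"identity={a.identity or 'unknown'}"
        for a in auths
    ]


# Constructed sample lines (documentation addresses, made-up SPIs); the
# "checking SAN" and "peer authorized" texts follow the post's log lines.
SAMPLE = """\
2024-06-09 15:20:01 ipsec,debug checking SAN: rfc822: alice@example.com
2024-06-09 15:20:02 ipsec,info,account peer authorized: public 203.0.113.10[4500]-198.51.100.7[4288] spi:0123456789abcdef:fedcba9876543210
2024-06-09 15:20:05 system,info,account user admin logged in from 192.0.2.5 via winbox
2024-06-09 15:31:40 ipsec,info,account peer authorized: psk-site 203.0.113.10[500]-192.0.2.99[500] spi:00000000aaaaaaaa:bbbbbbbb00000000
2024-06-09 15:40:00 ipsec,debug checking SAN: rfc822: bob@example.com
2024-06-09 15:45:00 ipsec,info,account peer authorized: public 203.0.113.10[4500]-198.51.100.20[4500] spi:1111111122222222:3333333344444444
""".splitlines()

if __name__ == "__main__":
    for line in render(correlate(SAMPLE)):
        print(line)
```

The correlation is by ordering and time only, because the quoted SAN line carries no peer address or SPI, so two certificate peers negotiating within the same window can be mis-tagged; the window keeps a stale SAN check (as in the last sample pair) from being attached to an unrelated authorization, and PSK peers, which never pass through a SAN check, come out as identity=unknown. It still requires forwarding the ipsec debug topic, so it is a stopgap on the collector rather than an answer to whether RouterOS changed what the account topic logs.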